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Response to Restriction Requirement mailed November 6, 2008 

Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Listing of Claims 

1-31. Canceled. 

32. (Previously Presented) A transparent encryption appliance for protecting data 
stored in a web server environment that does not secure by encrypting, hashing, or keyed hashing 
data received from the web before it is stored, comprising: 

at least one network interface for coupling to at least one network and communicating 
with one or more clients via the at least one network; 

a server interface for coupling to a web server environment, wherein the server interface 
and the at least one network interface communicate using the same communications protocol; 
and 

a processor coupled to the at least one network interface and the server interface for at 
least one of securing and unsecuring data, wherein: 

securing data comprises: identifying first sensitive data contained in a data 
transaction received through the at least one network interface; securing the sensitive data by at 
least one of encrypting, hashing, and keyed hashing; replacing in the data transaction the 
identified sensitive data with the secured sensitive data; and providing the data transaction 
including the secured sensitive data to the web server environment, wherein the secured sensitive 
data is stored in the web server environment; and 

unsecuring data comprises: responsive to a request received through the at least 
one network interface for sensitive data corresponding to at least a portion of the stored secured 
first sensitive data or other stored secured sensitive data, obtaining from the web server 
environment the secured sensitive data corresponding to the requested data; unsecuring the 
obtained secured data by at least one of decrypting, unhashing, and keyed unhashing; and 
providing the unsecured sensitive data through the at least one network interface. 
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33. (Previously Presented) The appliance of claim 32, wherein: 

in securing data the data transaction is received through a first interface; and 
in unsecuring data the request is received, and the unsecured data is provided through, the 
first interface or a second interface. 

34. (Previously Presented) The appliance of claim 32, wherein the processor 
manages SSL traffic and handles computations that support SSL connections, wherein at least 
one of: 

in securing data the data transaction is received via a first SSL connection and SSL 
computations are completed before identifying the first sensitive data contained in the data 
transaction; and 

in unsecuring data the unsecured data is provided via a second SSL connection. 

35. (Previously Presented) The appliance of claim 32, wherein the received data 
transaction is one of a cleartext transaction and a Hypertext Transfer Protocol (HTTP) 
transaction. 

36. (Previously Presented) The appliance of claim 32, wherein the at least one 
network is at least one of the Internet, a wired network type, a wireless network type, a hybrid 
network type, an independent network, a proprietary network, or a back plane network. 

37. (Previously Presented) The appliance of claim 32, further comprising a key 
storage for storing at least one cryptographic key for use in at least one of the securing and 
unsecuring of data. 

38. (Previously Presented) The appliance of claim 37, further comprising a user 
interface for use in loading the at least one key into the key storage. 

39. (Previously Presented) The appliance of claim 38, wherein the user interface is 
further for use in specifying access controls to the stored keys. 
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40. (Previously Presented) The appliance of claim 32, further comprising a user 
interface for use in specifying one or more fields containing the sensitive data. 

41 . (Previously Presented) The appliance of claim 40, wherein the one or more 
fields are identified by one or more regular expressions that include a field delimiter. 

42. (Previously Presented) The appliance of claim 32, wherein the appliance 
secures and unsecures web cookies provided by the web server environment, wherein: 

securing a cookie comprises: identifying a cookie received through the server 
interface; securing the cookie by at least one of encrypting, hashing, and keyed hashing the 
cookie; and providing the secured cookie to one of the one or more clients through the at least 
one network interface, wherein the secured cookie is stored in the client; and 

unsecuring the cookie comprises: responsive to a request received through the 
server interface for the cookie stored on a client, obtaining from the client the secured cookie 
corresponding to the requested cookie through the at least one network interface; unsecuring the 
obtained secured cookie by at least one of decrypting, unhashing, and keyed unhashing; and 
providing the unsecured cookie through the server interface. 

43. (Previously Presented) A transparent encryption appliance for protecting web 
cookies provided by a web server environment that does not secure cookies generated by the web 
server environment, comprising: 

at least one network interface for coupling to at least one network and communicating 
with one or more clients via the at least one network; 

a server interface for coupling to a web server environment, wherein the server interface 
and the at least one network interface communicate using the same communications protocol; 
and 

a processor coupled to the at least one network interface and the server interface for 
securing and unsecuring cookies provided by the web server environment, wherein: 

securing a cookie comprises: identifying a cookie received through the server 
interface; securing the cookie by at least one of encrypting, hashing, and keyed hashing the 
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cookie; and providing the secured cookie to a client computer through the at least one network 
interface, wherein the secured cookie is stored in the client computer; and 

unsecuring a cookie comprises: responsive to a request received through the 
server interface for a cookie stored on a client computer, obtaining from the client computer the 
secured cookie corresponding to the requested cookie through the at least one network interface; 
unsecuring the obtained secured cookie by at least one of decrypting, unhashing, and keyed 
unhashing; and providing the unsecured cookie through the server interface. 

44. (Previously Presented) A system for protecting data stored in a web server 
environment, comprising: 

one or more clients coupled to at least one network; 

a web server environment that stores data received from the web and does not secure by 
encrypting, hashing, or keyed hashing the data received from the web before it is stored; and 

a transparent encryption appliance for protecting the data stored in the web server 
environment, comprising: 

at least one network interface coupled to the at least one network and 
communicating with the one or more clients via the at least one network; 

a server interface coupled to the web server environment, wherein the server 
interface and the at least one network interface communicate using the same communications 
protocol; and 

a processor coupled to the at least one network interface and the server interface 
for at least one of securing and unsecuring data, wherein: 

securing data comprises: identifying first sensitive data contained in a data 
transaction received through the at least one network interface; securing the sensitive data by at 
least one of encrypting, hashing, and keyed hashing; replacing in the data transaction the 
identified sensitive data with the secured sensitive data; and providing the data transaction 
including the secured sensitive data to the web server environment, wherein the secured sensitive 
data is stored in the web server environment; and 

unsecuring data comprises: responsive to a request received through the at least 
one network interface for sensitive data corresponding to at least a portion of the stored secured 
first sensitive data or other stored secured sensitive data, obtaining from the web server 
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environment the secured sensitive data corresponding to the requested data; unsecuring the 
obtained secured data by at least one of decrypting, unhashing, and keyed unhashing; and 
providing the unsecured sensitive data through the at least one network interface. 

45. (Previously Presented) The system of claim 44, wherein the processor of the 
appliance manages SSL traffic and handles computations that support SSL connections, wherein 
at least one of: 

in securing data the data transaction is received via a first SSL connection and SSL 
computations are completed before identifying the first sensitive data contained in the data 
transaction; and 

in unsecuring data the unsecured data is provided via a second SSL connection. 

46. (Previously Presented) The system of claim 44, wherein the data transaction 
received by the appliance is one of a cleartext transaction and a Hypertext Transfer Protocol 
(HTTP) transaction. 

47. (Previously Presented) The system of claim 44, wherein the appliance further 
comprises a key storage for storing one or more cryptographic keys for use in at least one of the 
securing and unsecuring of data. 

48. (Previously Presented) The system of claim 47, wherein the appliance further 
comprises a user interface for use in loading the one or more keys into the key storage and 
specifying access controls to the stored one or more keys. 

49. (Previously Presented) The system of claim 44, wherein the appliance further 
comprises a user interface for use in specifying one or more fields containing the sensitive data, 
wherein the one or more fields are identified by one or more regular expressions that include a 
field delimiter. 

50. (Previously Presented) The system of claim 44, wherein the appliance further 
secures and unsecures web cookies provided by the web server environment, wherein: 
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securing a cookie comprises: identifying a cookie received through the server 
interface; securing the cookie by at least one of encrypting, hashing, and keyed hashing the 
cookie; and providing the secured cookie to one of the one or more clients through the at least 
one network interface, wherein the secured cookie is stored in the one client; and 

unsecuring the cookie comprises: responsive to a request received through the 
server interface for the cookie, obtaining the secured cookie corresponding to the requested f 
cookie through the at least one network interface; unsecuring the obtained secured cookie by at 
least one of decrypting, unhashing, and keyed unhashing; and providing the unsecured cookie 
through the server interface. 

5 1 (Previously Presented) A system for securing web cookies provided by a web 
server environment, comprising: 

one or more clients coupled to at least one network; 

a web server environment that provides cookies and does not secure the cookies by 
encrypting, hashing, or keyed hashing; and 

a transparent encryption appliance for protecting the cookies, comprising: 

at least one network interface coupled to the at least one network and 
communicating with the one or more clients via the at least one network; 

a server interface coupled to the web server environment, wherein the server 
interface and the at least one network interface communicate using the same communications 
protocol; and 

a processor coupled to the at least one network interface and the server interface 
for securing and unsecuring cookies provided by the web server environment, wherein: 

securing a cookie comprises: identifying a cookie received through the server 
interface; securing the cookie by at least one of encrypting, hashing, and keyed hashing the 
cookie; and providing the secured cookie to one of the one or more clients through the at least 
one network interface, wherein the secured cookie is stored in the one client; and 

unsecuring the cookie comprises: responsive to a request received through the 
server interface for the cookie, obtaining the secured cookie corresponding to the requested 
cookie through the at least one network interface; unsecuring the obtained secured cookie by at 
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least one of decrypting, unhashing, and keyed unhashing; and providing the unsecured cookie 
through the server interface. 

52. (Withdrawn) A system for protecting passwords stored in a web server 
environment, comprising: 

one or more clients coupled to at least one network; 

a web server environment that stores data received from the web and does not secure by 
encrypting, hashing, or keyed hashing the data received from the web before it is stored; and 

a transparent encryption appliance for protecting passwords contained in the data stored 
in the web server environment, comprising: 

at least one network interface coupled to the at least one network and 
communicating with the one or more clients via the at least one network; 

a server interface coupled to the web server environment, wherein the server 
interface and the at least one network interface communicate using the same communications 
protocol; and 

a processor coupled to the at least one network interface and the server interface 
for securing passwords, wherein securing a password comprises identifying a password 
contained in a data transaction received through the at least one network interface; securing the 
password by at least one of encrypting, hashing, and keyed hashing; replacing in the data 
transaction the identified password with the secured password; and providing the data transaction 
including the secured password to the web server environment; 

wherein, responsive to a request received through the at least one network interface of the 
appliance for an action requiring authorization, the web server environment obtains the secured 
password from the provided data transaction, compares the secured password to a previously 
stored secured password, and authenticates the action requiring authorization in the case the 
obtained secured password matches the previously stored secured password. 

53. (Previously Presented) A method of protecting data stored in a web server 
environment, comprising: 

receiving a data transaction containing sensitive data; 
identifying the sensitive data; 
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securing the identified sensitive data by at least one of encrypting, hashing, and keyed 
hashing; 

replacing in the data transaction the identified sensitive data with the respective secured 
sensitive data; and 

providing the data transaction with the secured sensitive data; and 
storing the provided secured sensitive data in a database. 

54. (Previously Presented) The method of claim 53, further comprising after the 
storing step: 

responsive to a request for at least a portion of the sensitive data, retrieving the stored 
secured sensitive data corresponding to the requested sensitive data; 

unsecuring the retrieved sensitive data by at least one of decrypting, unhashing, and 
keyed unhashing; and 

providing the unsecured sensitive data to fulfill the request. 

55. - (Previously Presented) A computer readable medium storing executable 
instructions which, when executed in a computer, protects sensitive information stored in a web 
server environment by a method comprising: 

receiving a data transaction containing sensitive data; 
identifying the sensitive data; 

securing the identified sensitive data by at least one of encrypting, hashing, and keyed 
hashing; 

replacing in the data transaction the identified sensitive data with the respective secured 
sensitive data; and 

providing the data transaction with the secured sensitive data; 
storing the provided secured sensitive data in a database; 

responsive to a request for at least a portion of the sensitive data, retrieving the stored 
secured sensitive data corresponding to the requested sensitive data; 

unsecuring the retrieved sensitive data by at least one of decrypting, unhashing, and 
keyed unhashing; and 

providing the unsecured sensitive data to fulfill the request. 
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